Wi-fi theft, as in the act of stealing someone’s internet connectivity by breaking into a wireless network, has been around ever since we first started using wireless routers.

Before covering the topic of how likely you are for wi-fi theft, I’ll first say that wi-fi security has never been that good. If one is desperate enough to steal your signal, there’s always a way. After all, anything that is transmitted can be intercepted. And as far as cracking the password is concerned, it truly is not that difficult given the right tools.

The best way to protect yourself from wi-fi theft is to:

Know your wireless router’s admin program thoroughly.

Take steps to be less of a target.

Know your wireless router’s admin program thoroughly

Login to your admin program via the web browser for your router and go thru every setting so you get familiarized with what you can do in there. Then follow the steps below.

Remember that for every wireless router manufactured there is a downloadable PDF manual for it (as far as I know) if you lost your printed copy. Perform a Google search for your make/model of router with the word "manual" in the search term and you should be able to locate the PDF version easily.

Taking steps to be less of a target

Use WPA2 if available with a long password

The WPA2 access password can be up to 63 characters long. If you use a long password with mixed case letters, numbers, spaces and symbols, it will be very difficult to "brute force" the password out of it.

Limit connectivity to specific MAC address(es)

This is usually labeled as MAC Address Filtering within the admin program. Every modern network card has a MAC (Media Access Control) address. If you limit allowed clients to specific MAC addresses, this greatly decreases the chance of wi-fi theft.

Most wireless router admin programs allow you to directly copy the MAC address from the connected PC into the allowed client list, so there’s usually no copy/paste involved.

Note: If you use virtual PCs, they have virtual MAC addresses that the router considers real. If setting up MAC address filtering, include your virtual machines as well.

Additional note: MAC addresses can be spoofed. But someone would have to specifically know one of the allowed MAC addresses in your wi-fi network and apply it to their computer in order to break in.

Limit number of connections

If you have three computers in your house and only allow for three assigned IP addresses via the router, the only way another system can get in there is to kick one off the network first.

Once again, be mindful of virtual PCs if you use them, because they use literal IPs (if network enabled); each counts as a separate unique network connection as far as the router is concerned. If you have three real PCs and two virtual ones that are network enabled, you will need to have your router be able to assign 5 IP addresses.

Do not allow remote administration

All wireless routers to the best of my knowledge come with this feature disabled by default, so you shouldn’t have to worry about it.

Other questions answered

Does IP Lease Time affect security at all?

No. My only suggestion would have the Lease Time not set to "forever", especially if you have people in and out of your house using the wi-fi routinely. This is done strictly for convenience’s sake. Some of you out there may prefer to have IPs cleared from the DHCP list, especially for temporary assignments (such as a friend visiting and using his or her wi-fi enabled laptop).

Does disabling the broadcasting of the SSID help?

It does offer a little bit of extra security, but MAC address filtering is much more effective.

Not really, because all that has to be done is a re-scan of the available networks.

I do, however, suggest a non-generic name to make you less attractive as a target. For example, many people have Linksys routers simply labeled as "linksys". This literally announces, "I never changed this setting in my router", and that’s not good.

At least with a custom name, whoever is trying to break into a wi-fi network will target the "easy looking" ones first, and that includes SSID names like "linksys", "belkin" and the like.

Final notes

Taking action to be less of a target is your best defense against a wi-fi break-in.

Of course, the best defense is simply shutting the router off when not in use. This may be inconvenient, but nobody can break into your network via wireless if the router is off.

More Resources Hardware
mac
Wi-Fi
Wireless Security

Wi-fi theft, as in the act of stealing someone’s internet connectivity by breaking into a wireless network, has been around ever since we first started using wireless routers.

Before covering the topic of how likely you are for wi-fi theft, I’ll first say that wi-fi security has never been that good. If one is desperate enough to steal your signal, there’s always a way. After all, anything that is transmitted can be intercepted. And as far as cracking the password is concerned, it truly is not that difficult given the right tools.

The best way to protect yourself from wi-fi theft is to:

Know your wireless router’s admin program thoroughly.

Take steps to be less of a target.

Know your wireless router’s admin program thoroughly

Login to your admin program via the web browser for your router and go thru every setting so you get familiarized with what you can do in there. Then follow the steps below.

Remember that for every wireless router manufactured there is a downloadable PDF manual for it (as far as I know) if you lost your printed copy. Perform a Google search for your make/model of router with the word "manual" in the search term and you should be able to locate the PDF version easily.

Taking steps to be less of a target

Use WPA2 if available with a long password

The WPA2 access password can be up to 63 characters long. If you use a long password with mixed case letters, numbers, spaces and symbols, it will be very difficult to "brute force" the password out of it.

Limit connectivity to specific MAC address(es)

This is usually labeled as MAC Address Filtering within the admin program. Every modern network card has a MAC (Media Access Control) address. If you limit allowed clients to specific MAC addresses, this greatly decreases the chance of wi-fi theft.

Most wireless router admin programs allow you to directly copy the MAC address from the connected PC into the allowed client list, so there’s usually no copy/paste involved.

Note: If you use virtual PCs, they have virtual MAC addresses that the router considers real. If setting up MAC address filtering, include your virtual machines as well.

Additional note: MAC addresses can be spoofed. But someone would have to specifically know one of the allowed MAC addresses in your wi-fi network and apply it to their computer in order to break in.

Limit number of connections

If you have three computers in your house and only allow for three assigned IP addresses via the router, the only way another system can get in there is to kick one off the network first.

Once again, be mindful of virtual PCs if you use them, because they use literal IPs (if network enabled); each counts as a separate unique network connection as far as the router is concerned. If you have three real PCs and two virtual ones that are network enabled, you will need to have your router be able to assign 5 IP addresses.

Do not allow remote administration

All wireless routers to the best of my knowledge come with this feature disabled by default, so you shouldn’t have to worry about it.

Other questions answered

Does IP Lease Time affect security at all?

No. My only suggestion would have the Lease Time not set to "forever", especially if you have people in and out of your house using the wi-fi routinely. This is done strictly for convenience’s sake. Some of you out there may prefer to have IPs cleared from the DHCP list, especially for temporary assignments (such as a friend visiting and using his or her wi-fi enabled laptop).

Does disabling the broadcasting of the SSID help?

It does offer a little bit of extra security, but MAC address filtering is much more effective.

Not really, because all that has to be done is a re-scan of the available networks.

I do, however, suggest a non-generic name to make you less attractive as a target. For example, many people have Linksys routers simply labeled as "linksys". This literally announces, "I never changed this setting in my router", and that’s not good.

At least with a custom name, whoever is trying to break into a wi-fi network will target the "easy looking" ones first, and that includes SSID names like "linksys", "belkin" and the like.

Final notes

Taking action to be less of a target is your best defense against a wi-fi break-in.

Of course, the best defense is simply shutting the router off when not in use. This may be inconvenient, but nobody can break into your network via wireless if the router is off.